[Secure-testing-commits] r33381 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Sat Apr 4 09:10:19 UTC 2015
Author: sectracker
Date: 2015-04-04 09:10:19 +0000 (Sat, 04 Apr 2015)
New Revision: 33381
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-04 07:53:58 UTC (rev 33380)
+++ data/CVE/list 2015-04-04 09:10:19 UTC (rev 33381)
@@ -1,3 +1,15 @@
+CVE-2015-2837
+ RESERVED
+CVE-2015-2836
+ RESERVED
+CVE-2015-2835
+ RESERVED
+CVE-2015-2834
+ RESERVED
+CVE-2015-2833
+ RESERVED
+CVE-2015-2832
+ RESERVED
CVE-2015-XXXX [DoS]
- node <unfixed> (bug #777013)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/03/10
@@ -68,6 +80,7 @@
CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in SAP ...)
NOT-FOR-US: SAP NetWeaver Portal
CVE-2015-2830 [Linux mishandles int80 fork from 64-bit tasks]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=956421fbb74c3a6261903f3836c0740187cf038b (v4.0-rc3)
@@ -88,6 +101,7 @@
CVE-2015-2807
RESERVED
CVE-2015-2831 [Buffer overflow in the handling of the XAUTHORITY env variable]
+ RESERVED
- das-watchdog <unfixed> (bug #781806)
NOTE: Upstream commit: https://github.com/kmatheussen/das_watchdog/commit/bd20bb02e75e2c
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/8
@@ -5280,18 +5294,18 @@
NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-0996 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
NOT-FOR-US: Schneider Electric InduSoft Web Studio
-CVE-2015-0995
- RESERVED
-CVE-2015-0994
- RESERVED
-CVE-2015-0993
- RESERVED
-CVE-2015-0992
- RESERVED
-CVE-2015-0991
- RESERVED
-CVE-2015-0990
- RESERVED
+CVE-2015-0995 (Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which ...)
+ TODO: check
+CVE-2015-0994 (Inductive Automation Ignition 7.7.2 allows remote authenticated users ...)
+ TODO: check
+CVE-2015-0993 (Inductive Automation Ignition 7.7.2 does not terminate a session upon ...)
+ TODO: check
+CVE-2015-0992 (Inductive Automation Ignition 7.7.2 stores cleartext OPC Server ...)
+ TODO: check
+CVE-2015-0991 (Inductive Automation Ignition 7.7.2 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2015-0990 (Untrusted search path vulnerability in Ecava IntegraXor SCADA Server ...)
+ TODO: check
CVE-2015-0989
RESERVED
CVE-2015-0988
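Review bot: CVE-2015-0990 through CVE-2015-0995 land with "TODO: check" and no package or NOT-FOR-US line, so they remain untriaged after this automatic update. The published descriptions now name Inductive Automation Ignition 7.7.2 and Ecava IntegraXor SCADA Server; a follow-up commit should resolve each one to either a "- package" line or a NOT-FOR-US line, in the same form as the InduSoft Web Studio entries directly above.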
@@ -5318,8 +5332,8 @@
TODO: check
CVE-2015-0977 (Network Vision IntraVue before 2.3.0a14 on Windows allows remote ...)
NOT-FOR-US: IntraVue
-CVE-2015-0976
- RESERVED
+CVE-2015-0976 (Cross-site scripting (XSS) vulnerability in Inductive Automation ...)
+ TODO: check
CVE-2015-0975
RESERVED
CVE-2015-0974
@@ -5733,10 +5747,10 @@
RESERVED
CVE-2015-0904
RESERVED
-CVE-2015-0903
- RESERVED
-CVE-2015-0902
- RESERVED
+CVE-2015-0903 (Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows ...)
+ TODO: check
+CVE-2015-0902 (The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress ...)
+ TODO: check
CVE-2015-0901 (Cross-site scripting (XSS) vulnerability in the duwasai flashy theme ...)
TODO: check
CVE-2015-0900 (Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi ...)
@@ -6278,18 +6292,18 @@
RESERVED
CVE-2015-0688
RESERVED
-CVE-2015-0687
- RESERVED
-CVE-2015-0686
- RESERVED
-CVE-2015-0685
- RESERVED
-CVE-2015-0684
- RESERVED
-CVE-2015-0683
- RESERVED
-CVE-2015-0682
- RESERVED
+CVE-2015-0687 (The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 ...)
+ TODO: check
+CVE-2015-0686 (The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 ...)
+ TODO: check
+CVE-2015-0685 (Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly ...)
+ TODO: check
+CVE-2015-0684 (SQL injection vulnerability in the Image Management component in Cisco ...)
+ TODO: check
+CVE-2015-0683 (Cisco Unified Communications Domain Manager 8.1(4) allows remote ...)
+ TODO: check
+CVE-2015-0682 (Cisco Unified Communications Domain Manager 8.1(4) allows remote ...)
+ TODO: check
CVE-2015-0681
RESERVED
CVE-2015-0680 (Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly ...)
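Review bot: The six Cisco entries CVE-2015-0682 through CVE-2015-0687 are added as "TODO: check", while other Cisco entries in this file (for example CVE-2015-0667) already carry "NOT-FOR-US: Cisco". Resolve them in a follow-up commit, and read the full descriptions when doing so: the truncated text for CVE-2015-0683 and CVE-2015-0682 is identical here ("Cisco Unified Communications Domain Manager 8.1(4) allows remote ..."), so the one-line summaries cannot tell the two issues apart.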
@@ -6320,8 +6334,7 @@
NOT-FOR-US: Cisco
CVE-2015-0667 (The Management Interface on Cisco Content Services Switch (CSS) 11500 ...)
NOT-FOR-US: Cisco
-CVE-2015-0666
- RESERVED
+CVE-2015-0666 (Directory traversal vulnerability in the fmserver servlet in Cisco ...)
NOT-FOR-US: Cisco
CVE-2015-0665 (The Hostscan module in Cisco AnyConnect Secure Mobility Client ...)
NOT-FOR-US: Cisco
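Review bot: CVE-2015-0666 keeps its existing "NOT-FOR-US: Cisco" line, which was recorded while the entry was still RESERVED. Now that the description is published (directory traversal in the fmserver servlet), that classification should be confirmed against the full text; unlike the other newly described entries in this commit, this one gets no "TODO: check" to prompt a second look.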
@@ -11414,8 +11427,8 @@
RESERVED
CVE-2014-8391
RESERVED
-CVE-2014-8390
- RESERVED
+CVE-2014-8390 (Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 ...)
+ TODO: check
CVE-2014-8389
RESERVED
CVE-2014-8388 (Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin ...)
@@ -18485,18 +18498,18 @@
NOT-FOR-US: Schneider Electric
CVE-2014-5406
RESERVED
-CVE-2014-5405
- RESERVED
+CVE-2014-5405 (Hospira MedNet before 6.1 uses a hardcoded cleartext password to ...)
+ TODO: check
CVE-2014-5404
RESERVED
-CVE-2014-5403
- RESERVED
+CVE-2014-5403 (Hospira MedNet before 6.1 uses hardcoded cryptographic keys for ...)
+ TODO: check
CVE-2014-5402
RESERVED
CVE-2014-5401
RESERVED
-CVE-2014-5400
- RESERVED
+CVE-2014-5400 (The installation component in Hospira MedNet before 6.1 places ...)
+ TODO: check
CVE-2014-5399 (SQL injection vulnerability in Schneider Electric Wonderware ...)
NOT-FOR-US: Schneider Electric
CVE-2014-5398 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)
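Review bot: CVE-2014-5400, CVE-2014-5403 and CVE-2014-5405 are added as "TODO: check" and all describe Hospira MedNet before 6.1, so they should be triaged together with one consistent resolution rather than individually. The interleaved CVE-2014-5401, CVE-2014-5402 and CVE-2014-5404 stay RESERVED in this hunk; whoever closes the TODO items should recheck those at the same time in case they belong to the same product.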